One of the biggest features of Google’s upcoming M version of Android may sound awfully familiar to iOS regulars: When an app you’ve just installed asks for access to the camera, your contacts, or other sensitive data points or phone features, you’ll be able to decline that request.
And the app will have to take no for an answer.
“We’re giving users meaningful control,” engineering vice president Dave Burke said while introducing this new app-permissions feature during the Thursday morning keynote that opened Google’s I/O conference last week.
Further details came in a separate presentation Friday afternoon from product manager Ben Poiesz. Here’s what you should know for when Android M ships later this year:
You won’t be asked upfront for permission. The old, all-or-nothing laundry list of permissions presented when you tap the “Install” button in the Play Store is gone; instead, the “Install” button will work immediately, and the app should only ask for a specific permission the first time it actually needs to do a particular task.
Those requests can cover broad categories: calendar, camera, contacts, location, microphone, phone, SMS, and “sensors” (in practice, accelerometers and related circuitry that inform fitness-tracking apps).
You’ll be able to change your mind later on. Android M will give you two ways to yank an app’s license to your device or your data. If you open the “Settings” app, tap the “Apps” category and bring up a particular title and tap the “Permissions” heading, you can turn off its access, one category at a time.
You can also get a “vertical view” of which apps can touch the camera, your calendar, and so on from inside that same Apps screen in the Settings app. (Tap the menu button at the top right corner, select “Advanced” and then “App permissions.”)
This includes older apps. Existing Android apps weren’t written with this feature in mind. To work around that while preserving your ability to rein in these apps, Android will feed these apps empty data if you revoke a permission — the equivalent of duct-taping over the camera. Older apps may or may not respond well to that.
This will probably upset some developers — and users. Google hopes Android developers will quickly update their apps to support this new regime, but the transition may be messy. Said Poiesz: “It’s like switching from the left side of the road to the right side of the road.”
In particular, since developers can’t add their own explanations to a permissions dialog (something iOS allows), they’ll have to find ways to ensure that these requests only pop up in context. One possible consequence emerged in the Q&A after Friday’s panel: Ad-subsidized apps that only ever needed your location to help advertisers target you may quickly lose that access.
The people using these apps, in turn, may find that apps break or stumble when deprived of access. An app can ask permission for a second time, but if the user declines that request and taps the “Don’t ask me again” button, the app will remain broken unless the person holding the phone or tablet dives into the Settings app.
Some permissions will now be automatic. For the sake of simplicity, you won’t see some lower-level requests that Google doesn’t think amount to privacy threats. For instance, if an app wants to access the Internet or the ability to make the phone vibrate, it can just do so. You’ll also lose some finer-grained insights on an app’s behavior; for instance, it won’t be able to say that it only needs your rough location.
Google tried and yanked this once before. Back in 2013, Android 4.3 featured a hidden control panel called App Ops, which let you turn off individual app permissions. Google disabled that in Android 4.4.2.
I asked Poiesz about this on Friday, and he allowed that while Android M’s permissions structure shares “some underpinnings” with App Ops, Google realized it couldn’t get a feature like this to work at scale without also letting users decide on app permissions upfront.
The other difference, of course, is that Google has publicly documented this, so it can’t later say it was a mistakenly released experiment, as it told the Electronic Frontier Foundation when it complained about App Ops’ removal. And developers can’t say they were surprised either.